Out in the Open: A New Programming Language With Built-In Privacy Protocols

Photo: Josh Valcarcel/WIRED

Facebook founder and CEO Mark Zuckerberg knows what it’s like. His online privacy was compromised in 2011, and it happened on the online social network that he invented.

Thanks to a bug in the way Facebook operated, anyone who followed the right steps could view Zuckerberg’s private photos, and many of the pics were published across the web for all to see. The photos were rather harmless — a few drunken party pics — but people who discovered the bug also used it to view the private photos of women they found attractive. The flaw could have had serious consequences for other users had it not been quickly fixed.

Any application that stores personal data such as photos is vulnerable to bugs that accidentally expose private information. Human error is inevitable. But an MIT PhD student named Jean Yang wants to make these coding mistakes as rare as possible with a new privacy-centric programming language called Jeeves.

Jeeves inventor Jean Yang. Photo: Jean Yang

Today, software programmers typically create dedicated privacy settings for each new feature they add to an application. But with Jeeves — named after the fictional valet in a series of short stories by P. G. Wodehouse — coders could readily create privacy settings for an entire application, a master list that could then flow to each new application feature. This could help prevent situations like the one that snagged Mark Zuckerberg.

The bug that revealed Zuckerberg’s private photos was discovered by a group of people who hung out on an online body-building forum. First, they flagged one of Zuckerberg’s publicly facing photos as “inappropriate.” Then the application presented them with several other photos to evaluate — regardless of the privacy settings of those photos. The issue, it appears, was that the “inappropriate content” feature was not properly checking the privacy settings of the photos against the access level of the users.

Jeeves would help programmers avoid such a mistake by making privacy settings an inherent part of each piece of content. “In a Jeeves system, assuming the programmer sets things up right, private data such as photos would be attached to policies until the moment they are released,” she says. “This guarantees that unauthorized viewers may not view a photo no matter what series of actions they took to arrive at a photo.”
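
The difference between per-feature checks and policy-attached data, as an added example in plain Python that is not from the article and does not use Jeeves's own syntax. The `Guarded` class, the friend list and the photo names are constructed for illustration.

```python
"""Plain-Python sketch of policy-attached data (hypothetical names, not Jeeves syntax)."""
from typing import Callable

PLACEHOLDER = "[photo unavailable]"

class Guarded:
    """A value bound to its policy; only release() can expose it."""
    def __init__(self, secret: str, policy: Callable[[str], bool]):
        self._secret, self._policy = secret, policy

    def release(self, viewer: str) -> str:
        # Single enforcement point: the policy is evaluated for whoever is viewing.
        return self._secret if self._policy(viewer) else PLACEHOLDER

    def __repr__(self) -> str:
        # Keep the value out of logs and debug output.
        return "Guarded(<withheld>)"

# Constructed sample data: one owner, one friend, one public and one private photo.
FRIENDS = {"owner": {"friend"}}
ALBUM = [("beach.jpg", False), ("party.jpg", True)]

def visible_to(owner: str, private: bool) -> Callable[[str], bool]:
    """Build the policy: public photos for all, private ones for owner and friends."""
    return lambda viewer: (not private) or viewer == owner or viewer in FRIENDS[owner]

# Per-feature style: every feature has to remember its own check.
def photo_page(viewer: str) -> list:
    return [name for name, private in ALBUM if visible_to("owner", private)(viewer)]

def report_flow_unchecked(viewer: str) -> list:
    # A later feature written without the check returns every photo.
    return [name for name, _ in ALBUM]

# Policy-attached style: the same careless feature, written over guarded values.
GUARDED_ALBUM = [Guarded(name, visible_to("owner", private)) for name, private in ALBUM]

def report_flow_guarded(viewer: str) -> list:
    # The feature has no check of its own; release() applies the attached policy.
    return [photo.release(viewer) for photo in GUARDED_ALBUM]
```

Plain Python cannot stop code from reading `_secret` directly, so this only models the idea of data that stays attached to its policy until release.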

Jeeves, when finished, could be a boon to smaller companies that want to safely handle private information. Facebook has the infrastructure to detect, fix, and prevent problems like this quickly, but companies with fewer resources and fewer users might take longer to spot and fix this type of bug. Yang also says Jeeves could be useful for companies that want to make data available to third-party developers. “If all of the code lived in a Jeeves world, then we can create data, attach policies to it, and send it off to third party apps knowing that the policies will be enforced,” she says.

In other words, if a programmer sets things up right in the beginning, Jeeves should manage the flow of privacy settings to all new features without the need to do anything special.

Yang got the idea for Jeeves a few years ago, as Facebook’s privacy settings became more complex and users were more likely to accidentally discover information about each other. For example, the Wall Street Journal published a story in 2011 about two gay students at the University of Texas who were outed to their fathers after being added to a queer choir group on Facebook. Although both had fine-tuned their privacy settings, they hadn’t realized that the group would announce their membership on their timelines for all their friends and family to see. Yang had been studying a branch of computer science called constraint programming, in which coders specify the goal of a program rather than just the steps required to carry out that goal. When she realized that this approach could be applied to privacy, she started work on Jeeves.

Today, Jeeves can be embedded within the existing programming languages Python and Scala. But Yang says it’s still just a research language not quite ready for real-world coding. For one thing, it’s far too slow for a company like Facebook to use. “The way I see it is that research languages are test beds for features that we could have someday, like automated memory management,” she says. “Each feature could take years to develop.”

But she hopes that one day, the privacy features offered by Jeeves will become a standard feature in many programming languages. “We need to find ways to make it easy for companies to enforce privacy policies,” she says, “so that they have no excuse not to.”